Integrate with Cisco ISE ANC policy
Cisco Identity Services Engine (ISE) Adaptive Network Control (ANC) policy is a feature that allows administrators to monitor and control network access for endpoints. ANC policies are used to enforce specific actions on endpoints based on their behavior or security posture.
1. Create an ANC policy (for ANC policy quarantine only)
- In Cisco ISE, go to Operations > Adaptive Network Control > Policy List.
- Click Add.
- Name the new ANC policy and select an Action from the dropdown list.

The new policy is added to the list.
2. Create a new policy (for ANC policy quarantine only)
- In Cisco ISE, go to Policy Sets.

- In the Policy Set Name column, click the FortiDeceptor policy.

- Expand Authorization Policy - Global Exceptions (1). To add a new policy, click the plus sign (+) in the Status column.

- In the Conditions column, click the plus sign (+).
- In the Editor, click the Click to add an attribute field. In the Attribute column, search for anc and select ANCPolicy.

- Click Choose from list or type, select the policy you created in the first step (QuarantinefromFDC) and click Use.

- From the Profiles dropdown, select DenyAccess.

- In the Authorization Policy, ensure the Conditions column is empty and the Profiles dropdown is set to PermitAccess.

3. Configure FortiDeceptor
- In FortiDeceptor, go to Fabric > Quarantine Integration.
- Click Quarantine integration with new device. The Integrate With New Device dialog opens.
- From the Integrate Method dropdown, select Cisco-ISE ANC policy.
- Configure the integration settings and click Save.
